tag:www.schneier.com,2016:/blog//2/tag:www.schneier.com,2006:/blog//2.1065-2016-09-03T05:35:20ZComments for Ten Worst Privacy Debacles of All TimeA blog covering security and security technology.Movable Typetag:www.schneier.com,2006:/blog//2.1065-comment:148370Comment from steve smith on 2007-02-20steve smith
I would sugest that Google should not have out address information if a person asked for it not be given out. But they refuse to do this. How would Brin Sergey dob 8-21-1973 of 1984Latham Street #25 Mountain view, CA 94040 like his info being given out. Hmm I wonder Humm]]>
2007-02-20T23:31:59Z2007-02-20T23:31:59Ztag:www.schneier.com,2006:/blog//2.1065-comment:110185Comment from real world on 2006-08-29real world
Look at number two and read James Bamford's The Puzzle Palace.At the turn of the last century ITT used to give the govt access to all its overseas cables before they were sent along.]]>
2006-08-29T05:00:44Z2006-08-29T05:00:44Ztag:www.schneier.com,2006:/blog//2.1065-comment:109625Comment from antibozo on 2006-08-25antibozo
The problem with SSNs is that they are perceived to be secret, though they never truly have been. And for an increasing population they are no longer perceived that way. As I've said many times, the totally obvious solution to the privacy problems associated with SSNs is for Congress to pass a law requiring the publication of everyone's SSN. This is the most expedient way to dismiss any illusion of secrecy so that the people who use SSN for authentication no longer have any excuse for not actually implementing a secure authentication system.

This is so obvious I don't understand why it wasn't done years ago.

]]>
2006-08-25T21:40:38Z2006-08-25T21:40:38Ztag:www.schneier.com,2006:/blog//2.1065-comment:109249Comment from Hal Canary on 2006-08-24Hal Canary
Isn't the problem with the SSN that it is used for authentication?]]>
2006-08-24T16:33:55Z2006-08-24T16:33:55Ztag:www.schneier.com,2006:/blog//2.1065-comment:109145Comment from Matt D on 2006-08-24Matt D
@xellos: "Can't wait for when the cops can issue you a speeding ticket without even pulling you over, thanks to the integrated RFID reader in the radar/lidar gun."

Well, that's pretty much the situation already, really, depending on where you happen to live.

Speed cameras 'write' tickets for speeding based on a photograph of the vehicle's registration plate and the registered owner/keeper of the vehicle. No pulling the vehicle over or anything, just a demand for cash through the mail at a later date.

Consider also the various 'voluntary' road taxing / toll collection schemes around the world that use RFID schemes to collect money / levy fines etc.

And then there are the upcoming 'average speed' speed traps, which, unlike the GATSOS systems, record the registration/RFID/whatever of *all* vehicles passing them, not merely the speeders, for forwarding to a second device a mile or two down the road - and, if the system designers so wish, to a central facility for addition to a database.

With systems such as this beginning to come on-line (e.g. here in the UK), RFID is a somewhat marginal issue, as far as vehicle tracking is concerned.

]]>
2006-08-24T10:19:44Z2006-08-24T10:19:44Ztag:www.schneier.com,2006:/blog//2.1065-comment:109075Comment from Engberg on 2006-08-23Engberg
Forgot to mention.
Austria has a SSN system in place where you use sector-specific SSN codes.

However since these are derived from a unique number controlled by government and there are no User-Centric Identity Mangement Scheme in operation, the setup us really a single SSN trying to claim multi-SSN status. It is somewhat better, but not much.

This is not much different from the Server-side Single Signon setup claiming privacy without real justification. For instance SAML is filled with privacy claims like this even though the Identity Providers can easily link everything.

From a security perspective these entities are what I like to call single-point-of-trust-failures. THEY might survive a security failure through backup etc., but customers wouldnt - especially not if the attacker is internal or institutional.

]]>
2006-08-23T23:20:50Z2006-08-23T23:20:50Ztag:www.schneier.com,2006:/blog//2.1065-comment:109073Comment from Stephan Engberg on 2006-08-23Stephan Engberghttp://www.priway.com
The real question is not if we should have a SSN, but how we can have many in such a way that government cannot combine the separate compartments of yoyur life, but you get the benefits of structure and others get the benefits of some reasonable level of crime protection.

For instance the credit files in US in my view is an outdated mistake, that we dont need anymore. There is no reason why those that give you credit need to know what the credit is for.

]]>
2006-08-23T23:10:50Z2006-08-23T23:10:50Ztag:www.schneier.com,2006:/blog//2.1065-comment:109029Comment from Felix T. Cat on 2006-08-23Felix T. Cat
I work for a taxing agency and I can tell you for a fact that the American SSN is definitely **not** unique.

At one point, we had 4 SSNs on file that were shared by 2 taxpayers each. The SSNs in these cases had been legitimately issued by the Social Security Administration.

I don't know the current situation (because my opportunity to converse with the responsible programmers during midnight emergencies is gone), but with the current horde of illegal aliens "borrowing" SSNs as a matter of course, I suspect it is much worse than before.

The "solution" to the problem was to append an in-house generated "sequence number" (3 decimal digits) *and* the first four characters of the surname to guarantee uniqueness.

Whenever our DBAs insist on using combinations of business data fields (including SSN or FEIN) to create "uinique" keys, I point this little historical anomaly out for them. The DBAs also attempted to insist that the SSN *is* unique because the Social Security Administration claims it to be unique. I suggested they call a retiree who worked on the above "fix" and the discussion abruptly ended. They *hate* it when this comes up because they always lose the argument before they force the practice. (It's their database, after all...)

The main problem with the SSN with regard to privacy, was the government's repeated assurances that it was *private.* When I was a young man, my Social Security card plainly said it was only to be used by the SSA and that other use for identification was prohibited by law. Such is longer the case, if it ever really was.

]]>
2006-08-23T18:36:11Z2006-08-23T18:36:11Ztag:www.schneier.com,2006:/blog//2.1065-comment:109012Comment from Xellos on 2006-08-23Xellos
--"The new census will use Microsoft mobile devices from what I have read."

Yup. They did the test run in Austin, Tx, where I live. Had several of the polsters stop by my place, iPaq (or whatever; don't recall the brand) in hand, asking for info. They're even equipped with GPS systems so they can get the coordinates of your house. I told them they better take those from the (public) street, but I doubt they listened.

Given the RFIDs in passports and the repeatedly escalating attempts to create a national ID system, and the Supreme Court's ever increasing willingness to ignore the fourth and fifth amendments, it's not hard to foresee a time in the US where everyone will be tracked constantly by their official ID and arrested if they don't have it. *sigh* Can't wait for when the cops can issue you a speeding ticket without even pulling you over, thanks to the integrated RFID reader in the radar/lidar gun.

"Only if you believe that murder is the worst thing that can happen to somebody. Now, while I happen to think that being killed isn't all that nice a thing, I think there may well be worse things - and having your very identity stolen is among them."

Hmm, yeah, maybe the temporary inconvenience of having your ID stolen is worse than death, riiiiiight.

Is that argument like: "I'm against capital punishment because a lifetime of suffering in prison is worse for the murderer"? The hassle to regain your life back is worse than losing it in a very real sense?

On the other hand, how many murders have been enabled by the presence of the social security number and subsequent data spillages, etc. Apart from the scene in the movie "The Jerk" when M. Emmet Walsh's character picks Navin Johnson's name and address out of the phone book and starts shooting...

]]>
2006-08-23T14:53:50Z2006-08-23T14:53:50Ztag:www.schneier.com,2006:/blog//2.1065-comment:108970Comment from Tim B on 2006-08-23Tim Bhttp://www.iainsidethebeltway.com
I'd say in order to be a true debacle, the privacy data would actually have to have been used in identity fraud. The VA laptop wasn't a debacle (fortunately) by that standard. The debacle was in spending another $28MM to react to the loss, which turned out to be a simple theft.

By the way, if folks think the NSA is the only one grabbing you phone data, you are sadly mistaken.

]]>
2006-08-23T13:29:35Z2006-08-23T13:29:35Ztag:www.schneier.com,2006:/blog//2.1065-comment:108947Comment from Giacomo on 2006-08-23Giacomo
@Dave Aronson:
Buddhist monks actually do "prove" that they are reincarnations of previous "spirits". Obviously, it all depends of what you mean as "proving"... if it's "scientifically proving", then no, we'll never be able to do that, of course. Science and religion are still two separate things, despite what some extremist $RELIGION sects would like us to believe.

and to make all this post on-topic... what about the recent AOL leak? That's very bad as well.

]]>
2006-08-23T12:18:54Z2006-08-23T12:18:54Ztag:www.schneier.com,2006:/blog//2.1065-comment:108924Comment from Mike Scott on 2006-08-23Mike Scott
They left out "Allowing drivers licenses to be used for purposes other than proving entitlement to drive a vehicle", which leads to such nonsenses as state DMVs having to issue non-driver IDs.]]>
2006-08-23T09:36:47Z2006-08-23T09:36:47Ztag:www.schneier.com,2006:/blog//2.1065-comment:108828Comment from jsaltz on 2006-08-22jsaltz
They are an abomination.]]>
2006-08-22T22:01:27Z2006-08-22T22:01:27Ztag:www.schneier.com,2006:/blog//2.1065-comment:108826Comment from Rob Mayfield on 2006-08-22Rob Mayfield
It's hard not to perceive a US focus on that list ...]]>
2006-08-22T21:43:30Z2006-08-22T21:43:30Ztag:www.schneier.com,2006:/blog//2.1065-comment:108816Comment from Dave Aronson on 2006-08-22Dave Aronsonhttp://www.davearonson.net/
@jmc: "Depending on their religion, they actually do recover from it."

ITYM, "Depending on their religion, they might claim that they will recover from it." AFAIK, there have been no proven cases of actually doing so.

]]>
2006-08-22T21:06:46Z2006-08-22T21:06:46Ztag:www.schneier.com,2006:/blog//2.1065-comment:108802Comment from pi on 2006-08-22pi
How bout recently when AOL released 36 million private search queries to the public? ]]>
2006-08-22T20:34:22Z2006-08-22T20:34:22Ztag:www.schneier.com,2006:/blog//2.1065-comment:108801Comment from Don on 2006-08-22Don
The SSN isn't the debacle. It's what came after it that's the debacle:

A) Assuming that because it's unique it's also a secret.
B) Assuming that because it used to be more of a secret in a simpler era, it will always be just as secret, regardless of how technology changes.

Those are the security failures associated with SSN's, not the SSN itself.

]]>
2006-08-22T20:30:40Z2006-08-22T20:30:40Ztag:www.schneier.com,2006:/blog//2.1065-comment:108792Comment from Jim on 2006-08-22Jim
Next big thing: Public wifi cameras on every lamp post in the world. It will be free and ad supported of course. You'll be walking through an Internet commercial on the public sidewalk. The public square will be a corporate network of ads and cameras recording your life. You'll be able to relive yesterday using Google. Your whole life can be replayed at your funeral and they can even place ads instead of flowers on the casket. The wifi cameras will be taping your hearse all the way to the graveyard. You won't even have privacy being dead. You won't need the SSN anymore, so hells bells.]]>
2006-08-22T19:49:21Z2006-08-22T19:49:21Ztag:www.schneier.com,2006:/blog//2.1065-comment:108763Comment from Anonymous on 2006-08-22Anonymous
Google tears down privacy, but it makes a lot of cash doing it, so people don't care. The masses are worked up into a frenzy about the dreaded SSN. If you want to track a person, use Google, not the SSN. You'll have more success, plus you can make money selling them back their privacy as they search for help.]]>
2006-08-22T18:29:06Z2006-08-22T18:29:06Ztag:www.schneier.com,2006:/blog//2.1065-comment:108760Comment from Jim on 2006-08-22Jim
Could Google be called a privacy debacle?After one story about that, Google wouldn't speak to certain journalists. New ways to communicate, you just can't say or write certain things or the information elite will boycott your reporters and publications.]]>
2006-08-22T18:22:23Z2006-08-22T18:22:23Ztag:www.schneier.com,2006:/blog//2.1065-comment:108757Comment from Jim on 2006-08-22Jim
One word Naples Florida. Marketing.
]]>
2006-08-22T18:15:02Z2006-08-22T18:15:02Ztag:www.schneier.com,2006:/blog//2.1065-comment:108755Comment from @ct on 2006-08-22@ct
US Census data was also used to intern Americans of Japanese decsent in WWII.]]>
2006-08-22T18:06:48Z2006-08-22T18:06:48Ztag:www.schneier.com,2006:/blog//2.1065-comment:108754Comment from Jim on 2006-08-22Jim
Brian make a good point. It' all about corp.x and the profit. They're creating the problem and selling the solution, while killing innovation at every turn. It's like DRM and your DID is based on what music you download and what your device identifier is. Cell phones are a big privacy debacle that keep evolving. You shouldn't even need phone numbers by now.]]>
2006-08-22T18:06:40Z2006-08-22T18:06:40Ztag:www.schneier.com,2006:/blog//2.1065-comment:108752Comment from Naples Florida Real Estate on 2006-08-22Naples Florida Real Estatehttp://www.chrisfarrugia.com
Can someone explain to me why private data ends up on a laptop to begin with? Laptops are such easy targets for theft. Common sense in this issue.]]>
2006-08-22T18:05:57Z2006-08-22T18:05:57Ztag:www.schneier.com,2006:/blog//2.1065-comment:108747Comment from jim on 2006-08-22jim
I was wondering about this. "To protect your personal information and prevent identity theft, we cannot issue Social Security numbers or cards online. ..."
www.ssa.gov/ssnumber/

Some day you might be able to do this online and even change your own SSN. People constantly changing their SSN's would add randomness. SSN makes use of security by avoiding technology. A typical problem isn't the number, it's the fact it is difficult to change. If you get in the witness protection program, it can be changed. Most of us won't, so we are stuck with the same number. The criminal has some advantages. Government doesn't want too much public control over things. eVoting machines will use a unique number, so the secret ballot is about shot too. The only people with privacy will be the people working in government (public) jobs. Ironic!

I'm inclined to agree. IMHO, the most serious threat to privacy isn't SSNs, it is corporate data aggregation. I can refuse to give out my SSN to someone, but how do I refuse to give out my personal information when I make a financial transaction more elaborate than buying groceries? Once upon a time, I could have given out my name, address, and phone number to someone and know that they would need to do some serious work to use that data to find out more information about me. Now, they can tap into all kinds of corporate databases and know all about me in a few minutes.

And that doesn't require any kind of security breach. It's just how things work.

]]>
2006-08-22T17:20:03Z2006-08-22T17:20:03Ztag:www.schneier.com,2006:/blog//2.1065-comment:108732Comment from Carlo Graziani on 2006-08-22Carlo Graziani
I think the "Great Social Security Number Creation Calamity" is a bit of a canard. Many countries have unique identifiers for their citizens, as well as national ID cards, and those citizens' liberties are not necessarily under threat.

The problem is what the government and private actors _do_ with that unique identifier. SSN is a catastrophe in the US because we have no laws seriously regulating the aggregation and use of personal data by law enforcement and particularly by corporations. Such laws exist in Europe, and as a result there is a widespread view of unique ID for citizens as benign, or at least neutral, from the viewpoint of civil liberty.

]]>
2006-08-22T16:57:40Z2006-08-22T16:57:40Ztag:www.schneier.com,2006:/blog//2.1065-comment:108731Comment from Lamby on 2006-08-22Lamby
#11: Schneier accidently posts his private diary online, thousands view it and post cryptic comments.]]>
2006-08-22T16:49:32Z2006-08-22T16:49:32Ztag:www.schneier.com,2006:/blog//2.1065-comment:108728Comment from Jim on 2006-08-22Jim
Drunk. So what, it's not like I'm on the road going 50 MPH ready to kill a car load of people or something. ]]>
2006-08-22T16:25:28Z2006-08-22T16:25:28Ztag:www.schneier.com,2006:/blog//2.1065-comment:108727Comment from Jim on 2006-08-22Jim
A friend told me that U.S. census data is manipulated to move federal money around. A census isn't exact, so the data can be used in corrupt ways. 2+2 can=5. A family can have 2.3 children. The new census will use Microsoft mobile devices from what I have read. Everybody will get a MS # that meshes with their SS #. You will be databased in a corporate government server. You the microserf can be stored, tracked and manipulated for profit and geek fun. This will create huge profits of course.]]>
2006-08-22T16:22:05Z2006-08-22T16:22:05Ztag:www.schneier.com,2006:/blog//2.1065-comment:108723Comment from Anonymous on 2006-08-22Anonymous
I realize this is offtopic, but Jim is clearly drunk.]]>
2006-08-22T16:15:29Z2006-08-22T16:15:29Ztag:www.schneier.com,2006:/blog//2.1065-comment:108720Comment from ct on 2006-08-22ct
The list covers a fairly recent slice of history for representing the worst privacy violations "of all time."

What about the creation of the Roman Census?

What about slavery?

What about the Nazi's use of the census to identify and persecute Jews and other minorities?

]]>
2006-08-22T16:03:47Z2006-08-22T16:03:47Ztag:www.schneier.com,2006:/blog//2.1065-comment:108719Comment from Kevin S. on 2006-08-22Kevin S.
Please retract my previous post (Never post before coffee kicks in) Apologies.]]>
2006-08-22T15:56:47Z2006-08-22T15:56:47Ztag:www.schneier.com,2006:/blog//2.1065-comment:108717Comment from Jim on 2006-08-22Jim
Talk about drama. Millions of children form a cult, they all have ipods loaded with Choicepoint data. Lives are ruined, adults sleep in the ipod plant to keep pace with demand. Children take over the global economy and enslave the United States using social security data.]]>
2006-08-22T15:53:29Z2006-08-22T15:53:29Ztag:www.schneier.com,2006:/blog//2.1065-comment:108716Comment from Kevin S. on 2006-08-22Kevin S.
From #10 Choicepoint:
"....at least $5 million of which goes to the consumers whose lives they ruined."

*lives they ruined* seems to be a bit of an overstatement. Has there been a documented case of anyone's life being RUINED as a result? I'm not saying that its not a potentially very bad situation, but jeez - talk about drama!

]]>
2006-08-22T15:45:53Z2006-08-22T15:45:53Ztag:www.schneier.com,2006:/blog//2.1065-comment:108714Comment from Jim on 2006-08-22Jim
I was looking at a top 10 list of evil children in the movies. The Children of the Damned went high tech and built a supersonic weapon out of a church organ to battle the government. Maybe the modern Children of the Damned will weaponize their ipods. Maybe they have. I'm not sure. We need a top 10 ipod weapons list. ]]>
2006-08-22T15:40:16Z2006-08-22T15:40:16Ztag:www.schneier.com,2006:/blog//2.1065-comment:108713Comment from Hullu on 2006-08-22Hullu
Also, if you kill a single person is that worse than losing one million identities?

As a single incident happening on a single person - murder is probably among the worst. But that's not what we're talking about here.

]]>
2006-08-22T15:38:19Z2006-08-22T15:38:19Ztag:www.schneier.com,2006:/blog//2.1065-comment:108712Comment from jmc on 2006-08-22jmc
Depending on their religion, they actually do recover from it.]]>
2006-08-22T15:34:45Z2006-08-22T15:34:45Ztag:www.schneier.com,2006:/blog//2.1065-comment:108707Comment from Anonymous on 2006-08-22Anonymous
@EdT
Most people don't make a recovery from being killed.]]>
2006-08-22T15:24:09Z2006-08-22T15:24:09Ztag:www.schneier.com,2006:/blog//2.1065-comment:108706Comment from Ed T. on 2006-08-22Ed T.http://www.etee2k.net/blog
"I'm sorry, but given that only one of them talks about a murder, that one should definitely be #1, don't you think?"

Only if you believe that murder is the worst thing that can happen to somebody. Now, while I happen to think that being killed isn't all that nice a thing, I think there may well be worse things - and having your very identity stolen is among them.

~EdT.

]]>
2006-08-22T15:18:08Z2006-08-22T15:18:08Ztag:www.schneier.com,2006:/blog//2.1065-comment:108699Comment from Brian on 2006-08-22Brian
I hesitate to start another discussion about the NSA's access to phone records, but did Wired get the facts wrong in the #2 entry on the list?

My understanding was that
- AT&T had turned over phone records to the NSA. There was (is) warrantless wire-tapping going on, but that did not require the cooperation of AT&T.

- Initial reports were that all of the telcos except Qwest had turned over phone records, but now several of the other phone companies are claiming they didn't hand out that data either.

I would have expected both of those issues to be caught by the fact-checkers at Wired, so I'm wondering whether I am misinformed.

]]>
2006-08-22T13:38:07Z2006-08-22T13:38:07Ztag:www.schneier.com,2006:/blog//2.1065-comment:108697Comment from Frank Koehntopp on 2006-08-22Frank Koehntopphttp://www.gadgetguy.de
I'm sorry, but given that only one of them talks about a murder, that one should definitely be #1, don't you think?]]>
2006-08-22T13:15:46Z2006-08-22T13:15:46Ztag:www.schneier.com,2006:/blog//2.1065-comment:108695Comment from anna on 2006-08-22annahttp://punk-apple.livejournal.com/185690.html
The social security number thing is interesting ... globally ....
in Finland, if you know anyone's social security number's last 4 digits (you'll know the part before that if you know their birth date and year) you can prove that you are that other person.
As in so many places they ask for those 4 digits as a proof of who you are, e.g. on the phone ... so a friend of mine has used her mum to call to the state offices to take care of her issues while she wasn't living in Finland. As the mum did know those 4 digits, it was always proven that her mum was her, so the issues were always solved correctly, just as if she would have called herself ... I don't even want to think what other uses people have had for the SSN numbers in that country.]]>
2006-08-22T13:05:19Z2006-08-22T13:05:19Ztag:www.schneier.com,2006:/blog//2.1065-comment:108693Comment from european on 2006-08-22european
Missing: EU data retention Law ]]>
2006-08-22T12:18:32Z2006-08-22T12:18:32Z